Data protection history #1: European Development
The priority for safety of private information was a major concern long before the digital age. More often than not, governments prefer to limit their citizens’ privacy by justifying their actions with counter terrorism practices and dangers of war, or simply because the country’s regime allows such restrictions. And though, currently cloud storage services provide with several advantages, still there are plenty of threats relating to data breaches. Data security today is as vital as a physical one. For the past several years the number of breaches increased, this is due to the vulnerabilities in web applications and their weakness to brute force attacks. Yet, the protection of private information started before the era of Internet started. IDM is a next step in data protection; powered by its own patented data protection technology called SIZE, we are preparing to launch a global decentralised ecosystem that connects users who want to store information safely and miners who provide memory on their devices to generate income. In this series of articles we will introduce you to the development of data security through the ages. This week’s feature is — data protection in Europe.
The question of data protection began to concern people in early 1970’s. Sweden and France were one of the pioneers of privacy legislation. It started with Sweden, which enacted a national data protection law on 11 May 1973, in response to public concerns around the increasing use of computers to process and store personal data. The law had many sides that were put under the criticism by public. But in 1978 France enacted much more developed privacy law, which often seen as the first real step in legal data protection. The French parliament in 1978 decreed that any person company or government agency receiving or processing personal information without authorisation could be punishable by up to six months in prison and a maximum fine of 20,000 francs (3,000 euros, $4,115).
In 1981 it was followed by the Convention for the protection of individuals with regard to automatic processing of personal data was introduced, due to increasing amount of information processed automatically, and dedicated to ensuring users’ privacy. More and more countries followed suit and a decade later European Union’s Data Protection Directive was established on 24 October 1995. It was based on several principles, including companies being obliged to notice users in case they collected their data, keep it safe from third parties, and using it only for purposes directly stated.
The General Data Protection Regulation (GDPR) is a latest and most discussed novelty in data protection, and it’s also the main change in European laws related to the field in last 20 years. It took effect on May 25 and granted individuals the right to be deleted from any sites which contain data no longer accurate or necessary. Consent is key in the framework of GDPR. It must be freely given, informed, unambiguous and — in the case of sensitive data — explicit, and individuals may withdraw their consent at any time.Organisations processing personal data must take measures to ensure that the data is protected by default, with necessary technical and organisational measures in place, and protected by design, with privacy and data protection built into the design and architecture of systems and technologies. Organisations outside the EU must also comply and designate a representative in the EU in order to collect data on its citizens. In the event of a breach, organisations must notify their data protection authority within 72 hours, unless the breach is unlikely to pose a risk for individuals.